Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.9 CVE-2026-10538

Improper deserialization handling in Control-M Components_CVE-2026-10538

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out o...

BMC Control-M/Enterprise Manager 9.0.21 CVE
MEDIUM 4.3 CVE-2026-10096

Qi Blocks <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification via 'page_id' Parameter_CVE-2026-10096

The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'page_id' ...

qodeinteractive Qi Blocks CVE
MEDIUM 6.9 MS:CVE-2026-41992

Global Buffer Overflow in GNU gzip_MS:CVE-2026-41992

N/A N/A MSCVE
NONE THN:7E63B6C8578...

Anthropic Restores Claude Fable 5 After U.S. Lifts Jailbreak-Linked Export Controls_THN:7E63B6C8578E5F08078423004F4C49C6

N/A N/A THN
NONE THN:790F5359258...

Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware_THN:790F5359258638A19E7DEA99AE4EA21A

N/A N/A THN
MEDIUM 6.5 CVE-2026-12110

Taskbuilder <= 5.0.8 - Authenticated (Subscriber+) SQL Injection via 'task_search' Parameter_CVE-2026-12110

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the '...

taskbuilder Taskbuilder – Project Management & Task Management Tool With Kanban Board CVE
MEDIUM 6.5 CVE-2026-12090

Taskbuilder <= 5.0.8 - Authenticated (Subscriber+) SQL Injection via 'wppm_proj_filter' Parameter_CVE-2026-12090

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the '...

taskbuilder Taskbuilder – Project Management & Task Management Tool With Kanban Board CVE
MEDIUM 6.5 CVE-2026-11988

LearnPress <= 4.3.9.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Disclosure via 'userId' Parameter_CVE-2026-11988

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Insecure Direct Object Reference in ...

thimpress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses CVE
MEDIUM 4.3 CVE-2026-11981

GiveWP <= 4.15.3 - Cross-Site Request Forgery_CVE-2026-11981

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.15.3. This is due to missing nonce v...

stellarwp GiveWP – Donation Plugin and Fundraising Platform CVE
MEDIUM 6.4 CVE-2026-11380

JetWidgets For Elementor <= 1.0.21 - Authenticated (Author+) Stored Cross-Site Scripting via Animated Box 'animation_effect' Setting_CVE-2026-11380

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.21. This is due ...

jetmonsters JetWidgets For Elementor CVE